2

I am using DataStax Cassandra version 3.6.0 and trying to connect to Cassandra with SSL. I have a CA cert already stored in dir "/etc/ssl/certs/cassandra.crt".

I have a Cassandra cluster creation in Java as:

        cluster = Cluster.builder().addContactPoints(hostArray).withPort(Integer.parseInt(port)).withCredentials(username, password).build();

I do see a withSSL(SSLOptions) in the builder. How can I create an SSLOptions in Java with the above cert file such that I can use it to create a cluster?

In Python I have:

        ssl_opts = {"ca_certs": "/etc/ssl/certs/cassandra.crt"}
        auth_provider = PlainTextAuthProvider( username , password )
        cluster = Cluster(
            cluster_ips,
            auth_provider=auth_provider,
            port=20102,
            ssl_options=ssl_opts,
            load_balancing_policy=DCAwareRoundRobinPolicy()
        )

How do I do the same with the crt file to create the cluster in Java?

Programmer

2 Answers

1

You need to create an SSLContext first. For creating the SSLContext, you can refer to the example here: SSLContext Example. Once you have the SSLContext object, you can get SSLOptions as below:

        JdkSSLOptions sslOptions = JdkSSLOptions.builder().withSSLContext(context).withCipherSuites(theCipherSuites).build();

Then you can pass this sslOptions to the withSSL method as:

        cluster = Cluster.builder().addContactPoints(hostArray).withPort(Integer.parseInt(port)).withCredentials(username, password).withSSL(sslOptions).build();

Manish Khandelwal
0

In Java driver v3.6, you configure SSL with the RemoteEndpointAwareSSLOptions class which uses the JSSE system properties (specified by -Djavax.net.ssl.*).

If you need more than what the system properties allow, configure SSL programmatically with the RemoteEndpointAwareJdkSSLOptions class.

For details, see the Java driver 3.6 SSL page.

On a side note, v3.6 of the driver was released in August 2018 so it's very old. If you're developing a new app, we recommend that you use the latest version of the driver. If you run into issues with the older version, you will need to upgrade anyway to get the fixes. Cheers!

Erick Ramirez
  • What is the equivalent of `withSSL(RemoteEndpointAwareJdkSSLOptions.builder().build())` in the 4.x library? I tried to create a `CqlSession.builder()` with `withSslEngineFactory(DefaultSslEngineFactory(driverContext))` but that requires a driverContext which we can get only after creating a CQL session (`session.getContext()`). Please let me know how I can migrate the SSL part in the 3.x code to 4.x – sujithkrishnan Aug 23 '21 at 10:26
  • @sujithkrishnan Please log a new question since your follow-up question is different from the one asked in this post. Cheers! – Erick Ramirez Aug 23 '21 at 22:55
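
Putting the two answers together for driver 3.x, as an added example that is not code from either answer or from the driver project: it loads the CA file from the question into an in-memory trust store, builds an SSLContext from it, and hands that to RemoteEndpointAwareJdkSSLOptions. The class name `CassandraTls` and its method names are hypothetical, and the file is assumed to hold one or more PEM-encoded X.509 certificates.

```java
import com.datastax.driver.core.Cluster;
import com.datastax.driver.core.RemoteEndpointAwareJdkSSLOptions;
import com.datastax.driver.core.SSLOptions;

import java.io.InputStream;
import java.nio.file.Files;
import java.nio.file.Paths;
import java.security.KeyStore;
import java.security.cert.Certificate;
import java.security.cert.CertificateFactory;
import java.util.Collection;
import javax.net.ssl.SSLContext;
import javax.net.ssl.TrustManagerFactory;

// Hypothetical helper class (assumption, not part of the driver).
public final class CassandraTls {

    // Builds an SSLContext that trusts only the CA certificate(s) in the given PEM file,
    // instead of the JVM-wide default trust store.
    static SSLContext contextFromCaFile(String caPath) throws Exception {
        KeyStore trustStore = KeyStore.getInstance(KeyStore.getDefaultType());
        trustStore.load(null, null); // start from an empty in-memory store

        CertificateFactory cf = CertificateFactory.getInstance("X.509");
        try (InputStream in = Files.newInputStream(Paths.get(caPath))) {
            // generateCertificates also handles a bundle (root plus intermediates).
            Collection<? extends Certificate> cas = cf.generateCertificates(in);
            if (cas.isEmpty()) {
                throw new IllegalStateException("no certificates found in " + caPath);
            }
            int i = 0;
            for (Certificate ca : cas) {
                trustStore.setCertificateEntry("cassandra-ca-" + i++, ca);
            }
        }

        TrustManagerFactory tmf =
                TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init(trustStore);

        SSLContext context = SSLContext.getInstance("TLS");
        context.init(null, tmf.getTrustManagers(), null); // no client key: server auth only
        return context;
    }

    static Cluster connect(String[] hosts, int port, String user, String pass) throws Exception {
        SSLOptions sslOptions = RemoteEndpointAwareJdkSSLOptions.builder()
                .withSSLContext(contextFromCaFile("/etc/ssl/certs/cassandra.crt"))
                .build();
        return Cluster.builder().addContactPoints(hosts).withPort(port)
                .withCredentials(user, pass).withSSL(sslOptions).build();
    }
}
```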